Custom Control Creation
Having operating system software and databases that are at the end-of-support life cycle is a serious and ever-present vulnerability in any IT operation. I do not find this vulnerability in Conformio. I then tried to create this vulnerability, but I could not find a suitable Control from the list that is presented for selection. Conformio does not allow me to create a new control. Software and Database maintenance updates would be an appropriate control. This also applies to the vulnerability of using software that is not current. Please advise how I should proceed to create this new vulnerability.
Considering your stated situation (having operating system software and databases that are at the end-of-support life cycle), the suggested assets, vulnerabilities, and threats, with their respective controls, are:
- Assets: “Operating systems” and “Database management systems”
- Vulnerabilities: “Rules for software and its databases not clearly defined” and “Requirements for software development not clearly defined”
- Threats: “Maintenance errors” and “Application error”
- Controls: “A.8.25 - Secure development life cycle” and “A.8.8 - Management of technical vulnerabilities”
Please note that end-of-support is part of the retirement step of an asset life cycle management process (in this case, applied to assets operating system software and databases), and so it is an expected situation for IT operations.
Considering that, the vulnerability, in this case, would be related to not knowing what to do by this time.
Jan 23, 2023